Public exposure warning on affected network group pages. config-able so a plugin...

diff --git a/boot.php b/boot.php
index 3dfd06bf179bae69a23cc52b0e21b4defc4c824d..94699a2730a7d9699c28c80fa84f70e4f5df0ed4 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -2,7 +2,7 @@
 
 set_time_limit(0);
 
-define ( 'FRIENDIKA_VERSION',      '2.1.936' );
+define ( 'FRIENDIKA_VERSION',      '2.1.938' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.2'  );
 define ( 'DB_UPDATE_VERSION',      1046   );
 
@@ -2022,7 +2022,7 @@ function contact_block() {
                        intval($shown)
        );
        if(count($r)) {
-               $o .= '<h4 class="contact-h4">' .  sprintf(tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">';
+               $o .= '<h4 class="contact-h4">' .  sprintf( tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">';
                foreach($r as $rr) {
                        $redirect_url = $a->get_baseurl() . '/redir/' . $rr['id'];
                        if(local_user() && ($rr['uid'] == local_user())

diff --git a/include/group.php b/include/group.php
index 793e854be046bc7f43db7572b249621e2dc19e8d..07cd45f199d32f2f33a23cdf8ec8c4d465ac4d42 100644 (file)
--- a/include/group.php
+++ b/include/group.php
@@ -110,7 +110,7 @@ function group_get_members($gid) {
                        LEFT JOIN `contact` ON `contact`.`id` = `group_member`.`contact-id` 
                        WHERE `gid` = %d AND `group_member`.`uid` = %d",
                        intval($gid),
-                       intval($_SESSION['uid'])
+                       intval(local_user())
                );
                if(count($r))
                        $ret = $r;
@@ -118,6 +118,21 @@ function group_get_members($gid) {
        return $ret;
 }
 
+function group_public_members($gid) {
+       $ret = 0;
+       if(intval($gid)) {
+               $r = q("SELECT `contact`.`id` AS `contact-id` FROM `group_member` 
+                       LEFT JOIN `contact` ON `contact`.`id` = `group_member`.`contact-id` 
+                       WHERE `gid` = %d AND `group_member`.`uid` = %d AND `contact`.`network` != 'dfrn' ",
+                       intval($gid),
+                       intval(local_user())
+               );              
+               if(count($r))
+                       $ret = count($r);
+       }
+       return $ret;
+}
+
 
 
 function group_side($every="contacts",$each="group") {

diff --git a/index.php b/index.php
index 9412c1e3bdb29fe27306828ae89db7569682d01a..074c1c53a4452e2fe63f65319bbfe96c39e900ae 100644 (file)
--- a/index.php
+++ b/index.php
@@ -42,10 +42,6 @@ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
 } else {
        $lang = ((isset($a->config['system']['language'])) ? $a->config['system']['language'] : 'en');
 }
-if(x($_POST,'system_language'))
-if(x($_SESSION,'language'))
-       $lang = $_SESSION['language'];
-
 
        
 load_translation_table($lang);

diff --git a/mod/network.php b/mod/network.php
index 39679b48a14378635b58451e89abf37e67f9ed1a..a304c211fe91eb47528c1e23b321066b4e85d636 100644 (file)
--- a/mod/network.php
+++ b/mod/network.php
@@ -54,6 +54,14 @@ function network_content(&$a, $update = 0) {
        }
 
        if(! $update) {
+               if(group) {
+                       if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
+                               $plural_form = sprintf( tt('%d member', '%d members', $t), $t);
+                               notice( sprintf( t('Warning: This group contains %s from an insecure network.'), $plural_form ) . EOL);
+                               notice( t('Private messages to this group are at risk of public disclosure.') . EOL);
+                       }
+               }
+
                $o .= '<script> $(document).ready(function() { $(\'#nav-network-link\').addClass(\'nav-selected\'); });</script>';
 
                $_SESSION['return_url'] = $a->cmd;